Friday, August 21, 2015

Help-file-decrypt.enc and pronk.txt files belong to Trojan.Cryptolocker.X ransomware. I wrote about it a few years ago. I was surprised to see that it's still active, although slightly modified. Anyway, if you find these files in every folder on your computer and notice that most of your files are encrypted, then your computer is infected with this encryption virus. It also renames encrypted files by adding either safefiles32@mail.ru or filesdecrypt@india.com at the end of each file name. The cyber criminals who created this ransomware use these email addresses to communicate with victims and send further information on how to decrypt files and, of course, how to pay the ransom. Basically, they expect you to contact them through safefiles32@mail.ru for more information.

It's a rather new variant, first detected about a week ago. However, it doesn't bring anything new and instead uses a well-known encryption and extortion scheme. If you're a savvy internet user, you are well aware that there are numerous threats to your online safety. Whether you are a home user who uses the web for sending emails, shopping and reading the news, or a small business owner or manager, protecting the data that is rightfully yours is more crucial than ever before. And if you are the owner of a company, data security is often a matter of law and you will need to be compliant to avoid risking fines or other penalties.

It may appear that cyber criminals, hackers, phishers, spammers, call them what you will, only target big corporations, but the fact is you and your home PC or small business computer network are a far easier target. These people exploit our vulnerabilities and our lesser degree of technical expertise to make big bucks. And one of the ways they do this is through the use of a malicious software program, called ransomware.

What is help-file-decrypt.enc ransomware?

It is a program which has been designed to 'kidnap' your files or data by making them inaccessible to you. The files will be encrypted – i.e. held hostage – and only released back to you once you have paid the ransom. The ransom note pronk.txt will either be created in each folder with at least one encrypted file or displayed in a pop-up window or full screen message – pretty panic inducing for most of us. The message will tell you that once you have paid the kidnapper's demands, you will be sent a code so that you can decrypt your files. It allocates virtual memory in foreign processes and creates even more malicious files on your computer. It can also modify proxy settings and communicate with C&C servers. Not to mention that it can control your CPU usage and send sensitive information to cyber criminals.
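To see how far the encryption has spread before restoring anything, the markers described above can be inventoried read-only. The script below is an added example, not part of the original post; it uses only the two note names and two email suffixes quoted in this article, and the case-insensitive matching and the sample folder layout are assumptions.

```python
import os
import tempfile
from collections import defaultdict

# Indicators quoted in the article.
NOTE_NAMES = {"help-file-decrypt.enc", "pronk.txt"}
RENAME_SUFFIXES = ("safefiles32@mail.ru", "filesdecrypt@india.com")

def classify(filename):
    """Label one file name as 'note', 'encrypted' or 'intact'."""
    lower = filename.lower()  # assumption: match case-insensitively
    if lower in NOTE_NAMES:
        return "note"
    return "encrypted" if lower.endswith(RENAME_SUFFIXES) else "intact"

def triage(root):
    """Walk root read-only and group file names per folder by label."""
    report = defaultdict(lambda: {"note": [], "encrypted": [], "intact": []})
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            report[os.path.relpath(folder, root)][classify(name)].append(name)
    return dict(report)

def summarize(report):
    """Totals, plus the folders that hold neither a note nor a renamed file."""
    hit = sorted(f for f, r in report.items() if r["encrypted"] or r["note"])
    return {
        "affected_folders": hit,
        "untouched_folders": sorted(set(report) - set(hit)),
        "encrypted_files": sum(len(r["encrypted"]) for r in report.values()),
        "intact_files": sum(len(r["intact"]) for r in report.values()),
    }

def build_sample_tree():
    """Constructed sample of empty files; the '.' before each address is assumed."""
    root = tempfile.mkdtemp(prefix="triage_demo_")
    layout = {
        "Documents": ["report.docx.safefiles32@mail.ru", "pronk.txt", "notes.txt"],
        "Pictures": ["cat.jpg.filesdecrypt@india.com", "help-file-decrypt.enc"],
        "Music": ["song.mp3"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()
    return root

if __name__ == "__main__":
    print(summarize(triage(build_sample_tree())))
```

Point `triage()` at a real folder instead of the sample tree to list which folders need restoring and which files kept their original names.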

Ransomware's method of attack

Like most malware, it is disseminated either by email, by being embedded on a compromised or malicious website, or included as an add-on with a download. And of course, as we all use email and the web every day, and download apps, software and files on a frequent basis, we are all at risk of potentially losing, not only our files, but a large sum of money too.

The trick is to stay vigilant

Just because you're not a world famous pop star or a global leader it doesn't mean you are not at risk of kidnapping – at least not this form of online cyber kidnapping anyway. Your data is just as prone to being kidnapped and held to ransom as that belonging to the most beloved film stars and loathed politicians! And that means that you need to be careful when downloading and installing things, and be very cautious when dealing with emails or chat messages from unknown senders.

You should also try to avoid visiting websites that may potentially be disreputable, and don't let yourself be suckered into downloading freebie games and apps that don't have any reviews or recommendations or are not offered via one of the big download websites.

Of course, installing a good anti-malware program on your PC is crucial too, as is making sure it is always up to date.

How to get my files back?

If you have a recent backup, wipe your hard disk and reinstall your files. If you don't, try the Shadow Explorer program or search your computer for previous versions of files. If you are lucky enough, you may find files that were not encrypted. But before restoring your files, please remove the help-file-decrypt.enc ransomware and related malware files from your computer. To do so, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Before restoring your files from shadow copies, make sure Trojan.Cryptolocker.X is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install the recommended anti-malware scanner. Run a full system scan and remove detected malware.

Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again.

2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.

About Me

Hi there, and welcome to my humble web presence. I'm Michael Kaur. Malware squasher, geek, and blogger based in Los Angeles, CA. If you'd like to contact me, the easiest way is through email given below or Google+. Simply add me to your Google Plus circles.

Disclaimer

This is a self-help guide. Use at your own risk. Deletemalware.blogspot.com can not be held responsible for problems that may occur by using this information.

About the blog

This blog provides reliable information about the latest computer security threats including spyware, adware, browser hijackers, Trojans and other malicious software. We do NOT host or promote any malware (malicious software). We just want to draw your attention to the latest viruses, infections and other malware-related issues. The mission of this blog is to inform people about already existing and newly discovered security threats and to provide assistance in resolving computer problems caused by malware.